Merge branch 'main' into josh/cf-3686-add-kube-proxy-integration-for-…

…api-logging

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/common-fate/common-fate v0.15.13
 	github.com/common-fate/glide-cli v0.6.0
 	github.com/common-fate/grab v1.3.0
-	github.com/common-fate/sdk v1.66.1-0.20241018041827-08b52ccdd859
+	github.com/common-fate/sdk v1.69.0
 	github.com/common-fate/xid v1.0.0
 	github.com/fatih/color v1.16.0
 	github.com/google/go-cmp v0.6.0
@@ -98,14 +98,13 @@ require (
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/muesli/termenv v0.15.3-0.20240618155329-98d742f6907a // indirect
 	github.com/muhlemmer/gu v0.3.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/twinj/uuid v0.0.0-20151029044442-89173bcdda19 // indirect
-	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
 	github.com/xtaci/smux v1.5.24 // indirect
 	github.com/zitadel/logging v0.6.0 // indirect

go.sum

@@ -94,10 +94,8 @@ github.com/common-fate/grab v1.3.0 h1:vGNBMfhAVAWtrLuH1stnhL4LsDb73drhegC/060q+O
 github.com/common-fate/grab v1.3.0/go.mod h1:6zH8GckZGFrOKfZzL4Y/2OTvxwFeL6cDtsztM0GGC2Y=
 github.com/common-fate/iso8601 v1.1.0 h1:nrej9shsK1aB4IyOAjZl68xGk8yDuUxVwQjoDzxSK2c=
 github.com/common-fate/iso8601 v1.1.0/go.mod h1:DU4mvUEkkWZUUSJq2aCuNqM1luSb0Pwyb2dLzXS+img=
-github.com/common-fate/sdk v1.66.1-0.20241016231907-6bf32a394770 h1:YecCiQPcdDDAfByfxDsNSTv79CTkc+iD2M774As3Joo=
-github.com/common-fate/sdk v1.66.1-0.20241016231907-6bf32a394770/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
-github.com/common-fate/sdk v1.66.1-0.20241018041827-08b52ccdd859 h1:eZPUbkoCP4soagyeRYQ59W8MV+u2daVGLnuI6KRlGbc=
-github.com/common-fate/sdk v1.66.1-0.20241018041827-08b52ccdd859/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
+github.com/common-fate/sdk v1.69.0 h1:EcgIBjAFFvQnCd1/Lj5Wik/bOUMD9xhxDLEmXS1H7Gk=
+github.com/common-fate/sdk v1.69.0/go.mod h1:OrXhzB2Y1JSrKGHrb4qRmY+6MF2M3MFb+3edBnessXo=
 github.com/common-fate/session-manager-plugin v0.0.0-20240723053832-3d311db99016 h1:WObxQKT/BuR8HWKSGsJ6aQb/cdhvkenkb1KWXNyPWeE=
 github.com/common-fate/session-manager-plugin v0.0.0-20240723053832-3d311db99016/go.mod h1:glAZTUB+4Eg0JVLC3B/YEomJv6QHcNS3klJjw9HC5Y8=
 github.com/common-fate/updatecheck v0.3.5 h1:UGIKMnYwuHjbhhCaisLz1pNPg8Z1nXEoWcfqT+4LkAg=
@@ -367,8 +365,6 @@ github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
 github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
-github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
-github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
 github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
 github.com/xtaci/smux v1.5.24 h1:77emW9dtnOxxOQ5ltR+8BbsX1kzcOxQ5gB+aaV9hXOY=
@@ -410,8 +406,6 @@ golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
-golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=

pkg/granted/rds/local_port.go

@@ -0,0 +1,31 @@
+package rds
+
+type getLocalPortInput struct {
+	// OverrideFlag is set by the user using the --port flag
+	OverrideFlag int
+	// DefaultFromServer is the port number specified by admins in the Terraform provider
+	DefaultFromServer int
+	// Fallback is the port to default to if OverrideFlag and DefaultFromServer are not set
+	Fallback int
+}
+
+// getLocalPort returns the port number to use for the local port
+//
+// Common Fate allows admins to set default ports in the Terraform provider and
+// users to override them with the --port flag when running granted rds proxy --port <port>
+//
+// The order of priorities is:
+// 1. OverrideFlag
+// 2. DefaultFromServer
+// 3. Fallback
+//
+// You should set Fallback to 5432 for PostgreSQL and 3306 for MySQL
+func getLocalPort(input getLocalPortInput) int {
+	if input.OverrideFlag != 0 {
+		return input.OverrideFlag
+	}
+	if input.DefaultFromServer != 0 {
+		return input.DefaultFromServer
+	}
+	return input.Fallback
+}

pkg/granted/rds/local_port_test.go

@@ -0,0 +1,56 @@
+package rds
+
+import "testing"
+
+func Test_getLocalPort(t *testing.T) {
+	type args struct {
+		input getLocalPortInput
+	}
+	tests := []struct {
+		name string
+		args args
+		want int
+	}{
+		// TODO: Add test cases.
+		{
+			name: "OverridePortTakesPriority",
+			args: args{
+				input: getLocalPortInput{
+					OverrideFlag:      5000,
+					DefaultFromServer: 8080,
+					Fallback:          5432,
+				},
+			},
+			want: 5000,
+		},
+		{
+			name: "DefaultFromServerTakesPriority",
+			args: args{
+				input: getLocalPortInput{
+					OverrideFlag:      0,
+					DefaultFromServer: 8080,
+					Fallback:          5432,
+				},
+			},
+			want: 8080,
+		},
+		{
+			name: "FallbackTakesPriority",
+			args: args{
+				input: getLocalPortInput{
+					OverrideFlag:      0,
+					DefaultFromServer: 0,
+					Fallback:          5432,
+				},
+			},
+			want: 5432,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := getLocalPort(tt.args.input); got != tt.want {
+				t.Errorf("getLocalPort() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

pkg/granted/rds/rds.go

@@ -215,17 +215,23 @@ func clientConnectionParameters(c *cli.Context, ensuredAccess *proxy.EnsureAcces
 	// Print the connection information to the user based on the database they are connecting to
 	// the passwords are always 'password' while the username and database will match that of the target being connected to
 	yellow := color.New(color.FgYellow)
-	// the port that the user connects to
-	overridePort := c.Int("port")
 	switch ensuredAccess.GrantOutput.RdsDatabase.Engine {
 	case "postgres", "aurora-postgresql":
-		port = grab.If(overridePort != 0, strconv.Itoa(overridePort), "5432")
-		connectionString = yellow.Sprintf("postgresql://%s:[email protected]:%s/%s?sslmode=disable", ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
-		cliString = yellow.Sprintf(`psql "postgresql://%s:[email protected]:%s/%s?sslmode=disable"`, ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
+		port := getLocalPort(getLocalPortInput{
+			OverrideFlag:      c.Int("port"),
+			DefaultFromServer: int(ensuredAccess.GrantOutput.DefaultLocalPort),
+			Fallback:          5432,
+		})
+		connectionString = yellow.Sprintf("postgresql://%s:[email protected]:%d/%s?sslmode=disable", ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
+		cliString = yellow.Sprintf(`psql "postgresql://%s:[email protected]:%d/%s?sslmode=disable"`, ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
 	case "mysql", "aurora-mysql":
-		port = grab.If(overridePort != 0, strconv.Itoa(overridePort), "3306")
-		connectionString = yellow.Sprintf("%s:password@tcp(127.0.0.1:%s)/%s", ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
-		cliString = yellow.Sprintf(`mysql -u %s -p'password' -h 127.0.0.1 -P %s %s`, ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
+		port := getLocalPort(getLocalPortInput{
+			OverrideFlag:      c.Int("port"),
+			DefaultFromServer: int(ensuredAccess.GrantOutput.DefaultLocalPort),
+			Fallback:          3306,
+		})
+		connectionString = yellow.Sprintf("%s:password@tcp(127.0.0.1:%d)/%s", ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
+		cliString = yellow.Sprintf(`mysql -u %s -p'password' -h 127.0.0.1 -P %d %s`, ensuredAccess.GrantOutput.User.Username, port, ensuredAccess.GrantOutput.RdsDatabase.Database)
 	default:
 		return "", "", "", fmt.Errorf("unsupported database engine: %s, maybe you need to update your `cf` cli", ensuredAccess.GrantOutput.RdsDatabase.Engine)
 	}

pkg/granted/request/close.go

@@ -16,7 +16,6 @@ import (
 	"github.com/common-fate/sdk/eid"
 	accessv1alpha1 "github.com/common-fate/sdk/gen/commonfate/access/v1alpha1"
 	entityv1alpha1 "github.com/common-fate/sdk/gen/commonfate/entity/v1alpha1"
-	filtersv1alpha1 "github.com/common-fate/sdk/gen/commonfate/filters/v1alpha1"
 	"github.com/common-fate/sdk/service/access/grants"
 	"github.com/common-fate/sdk/service/access/request"
 	identitysvc "github.com/common-fate/sdk/service/identity"
@@ -138,24 +137,8 @@ var closeCommand = cli.Command{
 		}
 		accessClient := request.NewFromConfig(cfg)
 
-		idClient := identitysvc.NewFromConfig(cfg)
-		callerID, err := idClient.GetCallerIdentity(c.Context, connect.NewRequest(&accessv1alpha1.GetCallerIdentityRequest{}))
-		if err != nil {
-			return err
-		}
-
-		res, err := accessClient.QueryAccessRequests(ctx, connect.NewRequest(&accessv1alpha1.QueryAccessRequestsRequest{
-			Archived: false,
-			Order:    entityv1alpha1.Order_ORDER_DESCENDING.Enum(),
-			Filters: []*accessv1alpha1.Filter{
-				{
-					Filter: &accessv1alpha1.Filter_RequestedBy{
-						RequestedBy: &filtersv1alpha1.EntityFilter{
-							Ids: []*entityv1alpha1.EID{callerID.Msg.Principal.Eid},
-						},
-					},
-				},
-			},
+		res, err := accessClient.QueryMyAccessRequests(ctx, connect.NewRequest(&accessv1alpha1.QueryMyAccessRequestsRequest{
+			Order: entityv1alpha1.Order_ORDER_DESCENDING.Enum(),
 		}))
 		clio.Debugw("result", "res", res)
 		if err != nil {